Latest Openbsd Vulnerabilities

Openssh: regresshion - race condition in ssh allows rce/dos
Microsoft CBL Mariner 2.0 x64
Microsoft CBL Mariner 2.0 ARM
Openbsd Openssh<4.4
Openbsd Openssh>=8.6<9.8
Openbsd Openssh=4.4
Openbsd Openssh=8.5-p1
and 55 more
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
OpenBSD Kernel
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
OpenBSD Kernel
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-4
F5 Traffix SDC=5.2.0=5.1.0
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constr...
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
ubuntu/openssh<1:9.3
ubuntu/openssh<1:9.6
ubuntu/openssh<1:9.6
Openbsd Openssh>=8.9<9.6
and 4 more
, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling
Openbsd Openssh<9.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
ubuntu/openssh<1:7.6
ubuntu/openssh<1:8.2
and 18 more
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
Openbsd Openssh<9.6
Putty Putty<0.80
Filezilla-project Filezilla Client<3.66.4
Microsoft PowerShell<=11.1.0
Panic Transmit 5<5.10.4
Apple macOS
and 128 more
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed i...
Openbgpd Openbgpd<8.1
Openbsd Openbsd<7.3
Openbsd Openbsd=7.3
Openbsd Openbsd=7.3-errata_001
Openbsd Openbsd=7.3-errata_002
Openbsd Openbsd=7.3-errata_003
and 2 more
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI te...
Openbsd Openbsd=7.3
Openbsd Openbsd=7.3-errata_001
Openbsd Openbsd=7.3-errata_002
Openbsd Openbsd=7.3-errata_003
Openbsd Openbsd=7.3-errata_004
Openbsd Openbsd=7.3-errata_005
and 8 more
Remote Code Execution in OpenSSH's forwarded ssh-agent
Openbsd Openssh<9.3
Openbsd Openssh=9.3
Openbsd Openssh=9.3-p1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
and 10 more
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affect...
Openbsd Libressl<3.6.3
Openbsd Libressl>=3.7.0<3.7.3
Openbsd Openbsd=7.2
Openbsd Openbsd=7.3
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
Openbsd Libressl<3.4.2
Openbsd Openbsd<7.0
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verific...
Openbsd Libressl<3.6.1
Openbsd Openbsd<7.2
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped I...
Opensmtpd Opensmtpd<7.0.0
Openbsd Openbsd=7.1
Openbsd Openbsd=7.2
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Openbsd Openssh>=8.9<9.3
Netapp Brocade Fabric Operating System
Netapp Hci Bootstrap Os
Netapp Solidfire Element Os
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
and 2 more
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
Openbsd Openbsd=7.2
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote at...
Openssh Openssh=9.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp ONTAP Select Deploy administration utility
Netapp A250 Firmware
Netapp A250
and 11 more
Openbsd Openbsd=6.9
Openbsd Openbsd=7.0
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge ca...
Openbsd Openbsd=6.9
Openbsd Openbsd=7.0
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified...
Openbsd Openssh<8.9
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs f...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10<=1:8.4p1-5<=1:8.4p1-6
ubuntu/openssh<1:8.2
ubuntu/openssh<8.8
ubuntu/openssh<1:7.2
Openbsd Openssh>=6.2<8.8
Fedoraproject Fedora=33
and 21 more
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' ...
Openbsd Libressl<=3.4.0
** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is corr...
Openbsd Openssh<=8.7
NetApp Clustered Data ONTAP
Netapp Hci Management Node
NetApp ONTAP Select Deploy administration utility
Netapp Solidfire
<=8.7
and 4 more
Openbsd Libressl>=2.9.1<=3.2.1
Linux Linux kernel
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
Openbsd Libressl>=2.9.1<=3.2.1
Linux Linux kernel
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
Openbsd Openbsd=4.6
Openbsd Openbsd=6.3
Openbsd Openbsd=4.9
Openbsd Openbsd=8.0
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packe...
Openbsd Openbsd=6.6
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an a...
Openbsd Openssh>=8.2<8.5
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
and 6 more
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
Openbsd Openbsd<=6.7
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh<8.3
Openbsd Openssh=8.3
Openbsd Openssh=8.3-p1
Netapp A700s Firmware
Netapp A700s
and 19 more
OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the ...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh>=5.7<8.4
Openbsd Openssh=8.4
Openbsd Openssh=8.5
Openbsd Openssh=8.6
Netapp Aff A700s Firmware
and 8 more
** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to o...
Openbsd Openssh=8.2
=8.2
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
FreeBSD FreeBSD=8.2
Apple Mac OS X>=10.6.0<=10.7.2
Openbsd Openbsd=5.0
PHP PHP>=5.3.0<=5.3.10
OpenSMTPD Remote Code Execution Vulnerability
OpenBSD OpenSMTPD=6.6
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
and 7 more
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
Openbsd Textproc\/isearch<1.47.01nb1
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chp...
Openbsd Openbsd<=6.6
Kernel. A routing issue was addressed with improved restrictions.
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
Apple tvOS<13.4.8
Apple iOS<13.6
Apple iPadOS<13.6
and 11 more
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
debian/dietlibc
Dietlibc Project Dietlibc
Openbsd Openbsd
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd=6.6
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login...
Openbsd Openbsd=6.6
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...
Openbsd Openbsd=6.6
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's f...
Openbsd Openbsd=6.6
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This l...
Openbsd Openssh>=7.7<=7.9
Openbsd Openssh>=8.0<8.1
Netapp Cloud Backup
Netapp Steelstore Cloud Integrated Storage
Siemens Scalance X204rna Firmware<3.2.7
Siemens Scalance X204rna
and 2 more
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of s...
Openbsd Openbsd<=6.5
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malici...
Barracuda VPN Client<5.0.2.7
Apple Mac OS X
Linux Linux kernel
Openbsd Openbsd
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI co...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u2<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u1<=1:9.2p1-2+deb12u2<=1:9.6p1-2
Openbsd Openssh<=7.9
Winscp Winscp<=5.13
Netapp Element Software
Netapp Ontap Select Deploy
Netapp Storage Automation Store
and 4 more
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only perfo...
ubuntu/openssh<1:7.6
ubuntu/openssh<1:7.7
ubuntu/openssh<1:6.6
ubuntu/openssh<1:7.2
Openbsd Openssh<=7.9
Winscp Winscp<=5.1.3
and 76 more
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the targ...
debian/openssh<=1:7.4p1-10<=1:7.9p1-4<=1:7.4p1-10+deb9u4
Openbsd Openssh<=7.9
Winscp Winscp<=5.13
Netapp Cloud Backup
Netapp Element Software
Netapp Ontap Select Deploy
and 88 more
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Apple macOS Mojave<10.14
Openbsd Libressl<2.3.1
openSUSE openSUSE=13.2
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Apple macOS Mojave<10.14
Openbsd Libressl<2.3.1
openSUSE openSUSE=13.2

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203